From 895705923e3f634c94d8c232254f1f67fc319ff95c3203a7634db0a236ea92bc Mon Sep 17 00:00:00 2001 From: Jan Engelhardt Date: Wed, 17 Jul 2024 02:09:40 +0000 Subject: [PATCH 1/3] [info=dc64a191ac8ef9ca443387d869911c40b640257d79d458d7ad98062db45720e4] OBS-URL: https://build.opensuse.org/package/show/security:netfilter/nftables?expand=0&rev=89 --- .gitattributes | 23 +++ .gitignore | 1 + _scmsync.obsinfo | 4 + build.specials.obscpio | 3 + nftables-1.0.9.tar.xz | 3 + nftables-1.0.9.tar.xz.sig | Bin 0 -> 566 bytes nftables.changes | 407 ++++++++++++++++++++++++++++++++++++++ nftables.keyring | 64 ++++++ nftables.rpmlintrc | 2 + nftables.spec | 152 ++++++++++++++ 10 files changed, 659 insertions(+) create mode 100644 .gitattributes create mode 100644 .gitignore create mode 100644 _scmsync.obsinfo create mode 100644 build.specials.obscpio create mode 100644 nftables-1.0.9.tar.xz create mode 100644 nftables-1.0.9.tar.xz.sig create mode 100644 nftables.changes create mode 100644 nftables.keyring create mode 100644 nftables.rpmlintrc create mode 100644 nftables.spec diff --git a/.gitattributes b/.gitattributes new file mode 100644 index 0000000..9b03811 --- /dev/null +++ b/.gitattributes @@ -0,0 +1,23 @@ +## Default LFS +*.7z filter=lfs diff=lfs merge=lfs -text +*.bsp filter=lfs diff=lfs merge=lfs -text +*.bz2 filter=lfs diff=lfs merge=lfs -text +*.gem filter=lfs diff=lfs merge=lfs -text +*.gz filter=lfs diff=lfs merge=lfs -text +*.jar filter=lfs diff=lfs merge=lfs -text +*.lz filter=lfs diff=lfs merge=lfs -text +*.lzma filter=lfs diff=lfs merge=lfs -text +*.obscpio filter=lfs diff=lfs merge=lfs -text +*.oxt filter=lfs diff=lfs merge=lfs -text +*.pdf filter=lfs diff=lfs merge=lfs -text +*.png filter=lfs diff=lfs merge=lfs -text +*.rpm filter=lfs diff=lfs merge=lfs -text +*.tbz filter=lfs diff=lfs merge=lfs -text +*.tbz2 filter=lfs diff=lfs merge=lfs -text +*.tgz filter=lfs diff=lfs merge=lfs -text +*.ttf filter=lfs diff=lfs merge=lfs -text +*.txz filter=lfs diff=lfs merge=lfs -text +*.whl filter=lfs diff=lfs merge=lfs -text +*.xz filter=lfs diff=lfs merge=lfs -text +*.zip filter=lfs diff=lfs merge=lfs -text +*.zst filter=lfs diff=lfs merge=lfs -text diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..57affb6 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +.osc diff --git a/_scmsync.obsinfo b/_scmsync.obsinfo new file mode 100644 index 0000000..e32e291 --- /dev/null +++ b/_scmsync.obsinfo @@ -0,0 +1,4 @@ +mtime: 1704659945 +commit: dc64a191ac8ef9ca443387d869911c40b640257d79d458d7ad98062db45720e4 +url: https://src.opensuse.org/jengelh/nftables +revision: master diff --git a/build.specials.obscpio b/build.specials.obscpio new file mode 100644 index 0000000..f147c2c --- /dev/null +++ b/build.specials.obscpio @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:50744d9dcc5d7fd71a1228b852a67e94105c94cb7ffb8ec4169c97caa5f1cfdb +size 256 diff --git a/nftables-1.0.9.tar.xz b/nftables-1.0.9.tar.xz new file mode 100644 index 0000000..e33cbe0 --- /dev/null +++ b/nftables-1.0.9.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:a3c304cd9ba061239ee0474f9afb938a9bb99d89b960246f66f0c3a0a85e14cd +size 971968 diff --git a/nftables-1.0.9.tar.xz.sig b/nftables-1.0.9.tar.xz.sig new file mode 100644 index 0000000000000000000000000000000000000000000000000000000000000000..4c19dc4ed4946aac17302b61cf18f1a4d71e63c4a4c70529199da69803f71f9e GIT binary patch literal 566 zcmV-60?GY}0y6{v0SW*e79j*T*<`H1NrA^z0Q;NOU6+cA6d>dU0%b7+LI4U05Y=6m zii#8<A1o2FJZ?jYb)Y?d9x!v($?6*IU*hQJL}*?8M%!w+5}H4chT7tlDZDJj z0a+cLp?tf{hDK(NF}{?gmsAlD3Y1d-SmBGjA`r!ZkX$`twamIvSr~7vhw%E zz=-GkL>f_kcTj5yEZcEshBoK$yRUu6glNXL^y$(=ndq72$z?Hp!NNHDT1}}d5=RYR zC>T&)&~pLj1*h(*;hO`dKX8n>eC-L_Z}(dnu5GuX|FmeHsg$NW}3E|sC0 zhn6x|w6uUgM970pIycv-`eqp8mpgcF5%+vaIHz~#2`w*diugiI9Z@k?wNIe<$rEQn zQE;49LVi??){Cd!J4r_7o5HuLBt1G0qv(E$Ya<;@Gn4-(h7)MwWm0?nD`5^`DbwCg zbEY{}(pT3Rh2aTzTMyk%p8s!3vOVK^8s@Wyji3QU>^}ROfi_d;)p(31K*^nH%22Gp E*wnNSNdN!< literal 0 HcmV?d00001 diff --git a/nftables.changes b/nftables.changes new file mode 100644 index 0000000..e529a84 --- /dev/null +++ b/nftables.changes @@ -0,0 +1,407 @@ +------------------------------------------------------------------- +Thu Jan 4 08:04:39 UTC 2024 - Dirk Müller + +- buildrequire setuptools explicitly as pip drops the dependency + +------------------------------------------------------------------- +Wed Jan 3 10:05:39 UTC 2024 - Ben Greiner + +- Fix the python bindings subpackages + * The PEP517 python build requires setuptools + * Actually use the rpm subpackage definition + * The version is actually python3dist(nftables) = 0.1 + * is noarch and requires libnftables1 through dlopen, tell + rpmlint + * remove unused shebang + +------------------------------------------------------------------- +Thu Oct 19 23:42:57 UTC 2023 - Jan Engelhardt + +- Update to release 1.0.9 + * Custom conntrack timeouts can use time specification with + units other than seconds. + * Allow combination of dnat with numgen. + * Allow for using constants as key in dynamic sets. + * Support for matching on the target address of a IPv6 neighbour + solicitation/advertisement. + * Restore bitwise operations in combination with maps, e.g. jump + to chain depending on bitwise operation on packet mark. + * Fix crash with log prefix longer that 127 bytes. +- Drop merged 0001-Revert-py-replace-distutils-with-setuptools.patch + +------------------------------------------------------------------- +Fri Jul 14 11:56:43 UTC 2023 - Jan Engelhardt + +- Update to release 1.0.8 + * Support for setting meta and ct mark from other fields in + rules, e.g. set meta mark to ip dscp header field. + * Enhacements for -o/--optimize to deal with NAT statements, to + compact masquerade statements. + * Support for stateful statements in anonymous maps, such as + counters. + * Support for resetting stateful expressions in sets, maps and + elements, e.g. counters. + * broute support to short-circuit bridge logic from the bridge + prerouting hook and pass up packets to the local IP stack. + * JSON support for table and chain comments. +- Added 0001-Revert-py-replace-distutils-with-setuptools.patch + +------------------------------------------------------------------- +Mon Mar 13 20:47:53 UTC 2023 - Jan Engelhardt + +- Update to release 1.0.7 + * Support for vxlan/geneve/gre/gretap matching + * auto-merge support for partial set element deletion + * Allow for NAT mapping with concatenation and ranges + * Support for quota in sets + +------------------------------------------------------------------- +Wed Dec 21 23:47:26 UTC 2022 - Jan Engelhardt + +- Update to release 1.0.6 + * Fix bytecode generation for concatenation of intervals where + selectors use different byteorder datatypes, e.g. IPv4 + (network byte order). + * Fix match of uncommon protocol matches with raw expressions + * Unbreak insertion of rules with intervals ("sport { + 3478-3497, 16384-16387 }") + +------------------------------------------------------------------- +Wed Aug 17 19:21:15 UTC 2022 - Dirk Müller + +- update to 1.0.5: + * Fixes for the -o/--optimize, run this --optimize option to automagically + compact your ruleset using sets, maps and concatenations + * Fix ethernet and vlan concatenations, eg. define a dynamic set which + is populated from the packet path + * Fix ruleset listing with interface wildcard map + * Fix several regressions in the input lexer which broke valid rulesets. + * Fix slowdown with large lists of singleton interval elements. + * Fix set automerge feature for large lists of singleton interval elements. + * Fix bogus error reporting for exact overlaps. + * Fix segfault when adding elements to invalid set. + * fix device parsing in netdev family in json. + +------------------------------------------------------------------- +Tue Jun 7 14:55:21 UTC 2022 - Jan Engelhardt + +- Update to release 1.0.4 + * Fixed a segfault in -o/--optimize with unsupported statements. + * Bogus datatype mismatch error report in sets was fixed. + +------------------------------------------------------------------- +Tue May 31 13:34:12 UTC 2022 - Jan Engelhardt + +- Update to release 1.0.3 + * Support for wildcard interface name matching with sets + * Support for runtime auto-merge of set elements. + * Enhancements for the ruleset optimization -o/--optimize + option which allows to coalesce several NAT rules into map. + * Support for raw expressions in concatenations. + * Support for integer type protocol header fields in concatenations. + * Allow to reset TCP options (requires Linux kernel >= 5.18) +- Drop 0001-build-add-missing-AM_CPPFLAGS-to-examples.patch + +------------------------------------------------------------------- +Tue Feb 22 04:39:01 UTC 2022 - Jan Engelhardt + +- Update to release 1.0.2 + * New ruleset optimization -o/--optimize option. + * Support for IP and TCP options and SCTP chunks in sets. + * Support for tcp fastopen, md5sig and mptcp options. + * MP-TCP subtype matching support. + * JSON support for flowtables. +- Add 0001-build-add-missing-AM_CPPFLAGS-to-examples.patch + +------------------------------------------------------------------- +Thu Nov 18 22:15:03 UTC 2021 - Jan Engelhardt + +- Update to release 1.0.1 + * Reduce memory footprint when loading large sets/maps. + * Speed up reload of large sets/maps. + * Speed up listing of specific tables in large ruleset, e.g. + large ruleset with ~100k lines. + * Speed up --terse option when listing a ruleset large sets/maps. + * Print raw payload expression in hexadecimal, e.g. + "@ll,0,8 & 0x80 == 0x80" + * egress hook support (available since 5.16-rc1). + * Allow matching and update bytes at inner header/payload + offset (available since 5.16-rc1). + +------------------------------------------------------------------- +Thu Aug 19 18:06:29 UTC 2021 - Jan Engelhardt + +- Update to release 1.0.0 + * Catch-all set element support. + * The command-line option --define is now recognized. + * Stateful expressions in maps. + * Allow combination of jhash, symhash and numgen expressions with + the queue statement. + * Allow combination of verdict maps with interval concatenations. + +------------------------------------------------------------------- +Tue May 25 23:20:59 UTC 2021 - Jan Engelhardt + +- Update to release 0.9.9 + * Flowtable hardware offload support + * Support for the table owner flag. + * 802.1ad (QinQ) support + * cgroupsv2 support. + * match on SCTP packet chunks (dependent on Linux 5.14) + * Allow to use verdict in set/map typeof definitions + +------------------------------------------------------------------- +Fri Jan 15 22:28:26 UTC 2021 - Jan Engelhardt + +- Update to release 0.9.8 + * Complete support for matching ICMP header content fields. + * Added raw tcp option match support. + * Added ability to check for the presence of any tcp option. + * Support for rejecting traffic from the ingress chain. + +------------------------------------------------------------------- +Tue Oct 27 12:08:37 UTC 2020 - Jan Engelhardt + +- Update to release 0.9.7 + * Support for implicit chains + * Support for ingress inet chains + * Support for reject from prerouting chain + * Support for --terse option in json + * Support for the reset command with json + +------------------------------------------------------------------- +Tue Jun 16 13:37:28 UTC 2020 - Jan Engelhardt + +- Update to release 0.9.6 + * Fix two ASAN runtime errors + +------------------------------------------------------------------- +Sat Jun 6 12:03:35 UTC 2020 - Jan Engelhardt + +- Update to release 0.9.5 + * Support for set counters. + * Support for restoring set element counters via nft -f. + * Counter support for flowtables. + * typeof concatenations support for sets. + * Support for concatenated ranges in anonymous sets. + * Allow to reject packets with 802.1q from the bridge family. + * Support for matching on the conntrack ID. +- Drop anonset-crashfix.patch (upstream solved differently) + +------------------------------------------------------------------- +Thu May 7 11:41:07 UTC 2020 - Jan Engelhardt + +- Add anonset-crashfix.patch [boo#1171321] + +------------------------------------------------------------------- +Wed Apr 1 18:48:56 UTC 2020 - Jan Engelhardt + +- Update to release 0.9.4 + * Add a helper for concat expression handling. + * Add "typeof" build/parse/print support. + +------------------------------------------------------------------- +Mon Dec 9 09:39:52 UTC 2019 - Jan Engelhardt + +- Add json, python [boo#1158723] + +------------------------------------------------------------------- +Tue Dec 3 09:09:28 UTC 2019 - Jan Engelhardt + +- Update to release 0.9.3 + * meta: Introduce new conditions "time", "day" and "hour". + * src: add ability to set/get secmarks to/from connection. + * flowtable: add support for named flowtable listing. + * flowtable: add support for delete command by handle. + * json: add support for element deletion. + * Add `-T` as the short option for `--numeric-time`. + * meta: add ibrpvid and ibrvproto support + +------------------------------------------------------------------- +Mon Aug 19 12:37:45 UTC 2019 - Jan Engelhardt + +- Update to new upstream release 0.9.2 + * Transport header port matching, e.g. "th dport 53" + * Support for matching on IPv4 options + * Support for synproxy + +------------------------------------------------------------------- +Sat Jan 19 20:53:09 UTC 2019 - Stefan Brüns + +- Remove unused dblatex BuildRequires, only needed for the optional + and disabled PDF generation (same contents as shipped manpage). + +------------------------------------------------------------------- +Sat Jun 9 07:28:57 UTC 2018 - jengelh@inai.de + +- Update to new upstream release 0.9.0 + * Support to check if packet matches an existing socket. + * Support to limit number of active connections by arbitrary + criteria, such as ip addresses, networks, conntrack zones or + any combination thereof. + * Added support for "audit" logging. + +------------------------------------------------------------------- +Fri May 11 07:30:10 UTC 2018 - jengelh@inai.de + +- Update to new upstream release 0.8.5 + * support to add/insert a rule at a given index position + * meter statement now supports a configureable upper max size + * timeouts for sets can now be specified in milliseconds + * re-add iptables-like empty skeleton rulesets + +------------------------------------------------------------------- +Wed May 2 06:08:00 UTC 2018 - jengelh@inai.de + +- Update to new upstream release 0.8.4 + * Support to match IPv6 segment routing headers. + * New "meta ibrname" and "meta obrname" arguments to match the + name of the logical bridge a packet is passing through. + These new names replace the old (misnamed) "ibriport"/"obriport". + * `nft -a` will now show handle identifier for all objects, + including tables and chains. + * nft can now delete objects by their handle number. + * Support to update maps from the ruleset (packet path). + * the "--echo" option now prints handle id for tables and + object too. + * `nft -f -` will now read from standard input + * Support for flow tables, cf. man page or + https://lwn.net/Articles/738214/ . + +------------------------------------------------------------------- +Sat Mar 3 22:59:01 UTC 2018 - jengelh@inai.de + +- Update to new upstream release 0.8.3 + * raw payload support to match headers that do not yet have + received a mnemonic. + +------------------------------------------------------------------- +Sat Feb 3 14:26:36 UTC 2018 - jengelh@inai.de + +- Update to new upstream release 0.8.2 + * add secpath support + +------------------------------------------------------------------- +Tue Jan 16 14:16:40 UTC 2018 - jengelh@inai.de + +- Update to new upstream release 0.8.1 + * This release deprecates the "flow table" syntax in favor + of "meter". + +------------------------------------------------------------------- +Fri Oct 13 08:39:41 UTC 2017 - jengelh@inai.de + +- Update to new upstream release 0.8 + * This release contains new features available up to the + (upcoming) Linux 4.14 kernel release: + * Support for stateful objects, these objects are uniquely + identified by a user-defined name, you can refer to them from + rules, and there is a well established interface to operate + with them. + * Sort set elements when listing them, from lower to largest. + * TCP option matching and mangling support. This includes TCP + maximum segment size mangling. + * Add new "-s" option for listings without stateful information. + * Add new -c/--check option for nft, to tests if your ruleset + loads fine, into the kernel, this is a dry run mode. + * Connection tracking helper support. + * Add --echo option, to print the handle that the kernel + allocates to uniquely identify rules. + * Conntrack zone support + * Symmetric hash support + * Add support to include directories from nft natives scripts, + files are loaded in alphanumerical order. + * Allow to check if IPv6 extension header or TCP option exists + or is missing. + * Extend quota support to display used bytes. + * Add ct average matching, to match average bytes per packet a + connection has transferred so far, to map the existing + feature available in the iptables connbytes match. + * Allow to flush maps and flow tables. + * Allow to embed set definition into an existing set. + * Conntrack event filtering support via rule. + +------------------------------------------------------------------- +Tue Dec 20 22:35:41 UTC 2016 - jengelh@inai.de + +- Update to new upstream release 0.7 + * Add new fib expression, which can be used to obtain the + output interface from the route table based on either source + or destination address of a packet. + * Support hashing of any arbitrary key combination, eg. + * Add number generation support. Useful for round-robin packet + mark setting. + * Add quota support, eg. + * Introduce routing expression, for routing related data with + support for nexthop + * Notrack support, to explicitly skip connection tracking for + matching packets. + * Support to set non-byte bound packet header fields, including + checksum adjustment. + * Add 'create set' and 'create element' commands. + * Allow to use variable reference for set element definitions. + * Allow to use variable definitions from element commands. + * Add support to flush set. You can use this new command to + remove all existing elements in a set. + * Inverted set lookups. + * Honor absolute and relative paths via include file, where: + * Support log flags, to enable logging TCP sequence and options. + * tc classid parser support, eg. + * Allow numeric connlabels, so if connlabel still works with + undefined labels. + +------------------------------------------------------------------- +Thu Jun 2 18:31:23 UTC 2016 - jengelh@inai.de + +- Update to new upstream release 0.6 +* Rules may be replaced now +* Flow table support (requires Linux >= 4.3) +* Support for tracing +* Ratelimiting now supports units like bytes/second. +* Matchinv VLAN IDs, DSCP/ECN, ICMP RtAdv & RtSol + +------------------------------------------------------------------- +Thu Sep 17 21:16:31 UTC 2015 - jengelh@inai.de + +- Update to new upstream release 0.5 +* Support combinations of two or more selectors to build a tuple +* Timeout support for sets +* Dormant flag for tables +* Default chain policy specifiable on creation + +------------------------------------------------------------------- +Sat May 23 23:06:12 UTC 2015 - mrueckert@suse.de + +- set the url to the project page +- pass --disable-silent-rules to configure to allow gcc post build + check to work + +------------------------------------------------------------------- +Tue Dec 16 01:25:00 UTC 2014 - jengelh@inai.de + +- Update to new upstream release 0.4 +* Since Linux 3.18: support for global ruleset operations +* Since 3.17: full logging support for all the families, + including nfnetlink_log +* 3.16: automatic selection of the optimal set implementation +* 3.14: reject support for ip, ip6 and inet +* 3.18: reject support for bridge, and reject icmpx abstraction +* 3.18: masquerade support +* 3.19: redirect support +* Extend meta to support pkttype, cpu and devgroup matching. + +------------------------------------------------------------------- +Fri Jun 27 17:08:46 UTC 2014 - jengelh@inai.de + +- Update to new upstream release 0.3 +* More compact syntax for the queue action +* Match input and output bridge interface name through "meta + ibriport" and "meta obriport" +* netlink event monitor, to monitor ruleset events, set changes, etc. +* New transaction infrastructure - fully atomic updates for all + object available in the upcoming 3.16. + +------------------------------------------------------------------- +Mon Jan 13 09:05:35 UTC 2014 - jengelh@inai.de + +- Initial package for build.opensuse.org diff --git a/nftables.keyring b/nftables.keyring new file mode 100644 index 0000000..34ba618 --- /dev/null +++ b/nftables.keyring @@ -0,0 +1,64 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- + +mQINBF+HdQgBEACzteJUJGtj3N6u5mcGh4Nu/9GQfwrrphZuI7jto2N6+ZoURded +660mFLnax7wgIE8ugAa085jwFWbFY3FzGutUs/kDmnqy9WneYNBLIAF3ZTFfY+oi +V1C09bBlHKDj9gSEM2TZ/qU14exKdSloqcMKSdIqLQX27w/D6WmO1crDjOKKN9F2 +zjc3uLjo1gIPrY+Kdld29aI0W4gYvNLOo+ewhVC5Q6ymWOdR3eKaP2HIAt8CYf0t +Sx8ChHdBvXQITDmXoGPLTTiCHBoUzaJ/N8m4AZTuSUTr9g3jUNFmL48OrJjFPhHh +KDY0V59id5nPu4RX3fa/XW+4FNlrthA5V9dQSIPh7r7uHynDtkcCHT5m4mn0NqG3 +dsUqeYQlrWKCVDTfX/WQB3Rq1tgmOssFG9kZkXcVTmis3KFP1ZAahBRB33OJgSfi +WKc/mWLMEQcljbysbJzq74Vrjg44DNK7vhAXGoR35kjj5saduxTywdb3iZhGXEsg +9zqV0uOIfMQsQJQCZTlkqvZibdB3xlRyiCwqlf1eHB2Vo7efWbRIizX2da4c5xUj ++IL1eSPmTV+52x1dYXpn/cSVKJAROtcSmwvMRyjuGOcTNtir0XHCxC5YYBow6tKR +U1hrFiulCMH80HeS+u/g4SpT4lcv+x0DlN5BfWQuN5k5ZzwKb6EQs092qQARAQAB +tCxOZXRmaWx0ZXIgQ29yZSBUZWFtIDxjb3JldGVhbUBuZXRmaWx0ZXIub3JnPokC +VAQTAQoAPhYhBDfZZKzASYHHVQD7m9Vdl4qKFCDkBQJfh3UIAhsDBQkHhM4ABQsJ +CAcCBhUKCQgLAgQWAgMBAh4BAheAAAoJENVdl4qKFCDk0msQAJTIK8TLHw2IJDc6 ++ZfUJc+znSNwskO+A4lwvb1vRY5qFV+CA2S1eUS4HGDWDT0sPKie6Nx4+FBczkWd +RA+eaKDqQeS5Vzc2f0bl74un91h7yE8O2NsVnpL166MnAAk3/ACjHsZX2PzF12F6 +4stvGQFpjZRWItj0I6bvPY6CTtqVPB98a6RpdbS9kGxCCMrL3CFGDXGSjXes5KwN +IvngmVB36wjb3QgEtQIv13jrWFfiXeuieqMRyC6Z3KNYVcvis34eGxPFD9MHrK+w +bdw3KzMBJd7hMoVRl32Q13T/PX8H3pqWMqKaL41wHUswRt0IQjNZnRvRnlJ0VDFf +Wep/3dFK+uQbdABuiwCiRli5mWeOMCP+qJodP1OZSGqg0VwZWUGdCGG5+qIhngOj +QVomvJ7N4eRLU3xuPVjLoBeHzvViUPpYtWQ/YiZK5rWTJHhu88xZaysFJRaV+Uz3 +wPkeqdArRRXl1Tpy+cKy7D5BZAr7OjT1wboon23IM2DJRurbaHD8blMsjZ07pbvb +4hdpiE6mqq7CYskDz2UGTaFfEW4bFnKtvKTXEnmcqc4mWcr2z9BBYouGmcFczgET +tE02XejmExXV2RPUtXfLuNIbVpuXG1qhzNuXAfm+S/68XDSFrwyK8/Dgq5ga0iIP +n8Uvz12Xu/Qde+NicogLNWF90QJ2iQIzBBABCgAdFiEEwJ2yBj8dcDS6YVKtq0ZV +oSbSkuQFAl+HdTEACgkQq0ZVoSbSkuSrmhAAi64OqYjb2ZbAJbFAPM6pijyys6Y9 +o8ZyLoCRCUXNrjWkNIozTgmj5fm0ECrUXKyrB6OJhTvaRXmqLcBwWOAnP1v7wb+S +ZhEwP0n6E1mZW0t1Qt0xX8yifM5Tpvy+757OSrsuoRpXwwz4Ubuc6G4N/McoRSfU +tVUcz3sKF8hcbETD/hVZb9Qfv0ZjQxu8LiBfKfgy2Eg8yExTdO027hYqQc5q2HEp +HRjD2PMyI33V8KqffWn0AkofweOOFxg1ePV5X9M8rYP+k/2gjPkrrvnZgF/4SxDM +FATmHaIbO3zEQg+u2f1mVCZASBBN1MLth7dMOoClHBmxnQ8uapRg9GNxs7TnXmV/ +diZZbqLf6i9bW/scvWEIdM8EGKpbGjdWIlgQJTIuz3seB+9zOdq9L3uTQWHnYLid +R3YkyOsBRqQvM7Gb3zYgvlPjZ+L2FeGg5rD/eeLbv+k027E0TSAgtHoSA2pVTDDK +uqCXVKfmk1I0SO83L9teBblxed07LeVaS9/uK00rWM/TM1bwogfF/4ZEsmAWznzv +Xan/QmrYNgK3C3AZ4pMX7pGCGV1w93Fw3tUzaEJeS2LlsiL5aPOF63b/DqM6W2nl +UqGjKTdVLuF+JgoRH5U2wCyHYhDFm+CaFsYUu2Jf5hTmVWOR3anBoXy6Ty8SoV8q +KxtKpmKmIdPhDe65Ag0EX4d1CAEQANJMZApYzeeLrc7Rs6fGDK4Z3ejEST+aq7vO +RT9YEppRBG1QoUDBuNodAFxIWM6SpwvN7X9AZeIML2EOjDabF5Q6RNHbwODyLDYc +wmqtWh0NNpK85fXwDgcLOQW+dPimsk3ni1crXhhjZgs6syb9yM/pDi0Tf7wzNZt0 +0p736zlpQPMORfO+mFgac0FVt/GQsTdIwTBzZ36fcV3W8iPH334Sqsatp617R+z+ +q2alH8Vynz12iHi2oJFtmTxhghCROPcLWz3XMKv9A7BfuZeE0k+pK7xnBKrpZzKU +k1j2uzTKzV2Bquo5HNDsy9PgQn16BlXVrxdHfQnBz2w67aHMKnPD/v+K81oxtnuk +pwBAT8Wovkyy1VTLhQH5F0y5bpQrVH/Lwq0/q421hfD3iPHtb2tC1heT9ze/sqkY +plctFb81fx3o8xcBpvuIaTB3URptf8JNvh5KjETZFMQvAddq8oYovoKu+Z/585uC +qwO0Fohpw9qRwmhq7UBvGDVAVgo6kKjMW2Z9U3OnfggrDCytCIZh8eLNagfRL2cu +iq8Sx+cGGt1zoCPhjDN1MaNt/KHm8Gxr+lP+RxH3Et3pEX6mmhSCaU4wr0W5Bf3p +jEtiOwnqajisBQCHh49OGiV8Vg9uQN5GpLpPpbvnGS4vq8jdj6p3gsiS2F7JMy7O +ysBENBkXABEBAAGJAjwEGAEKACYWIQQ32WSswEmBx1UA+5vVXZeKihQg5AUCX4d1 +CAIbDAUJB4TOAAAKCRDVXZeKihQg5NMIEACBdwXwDMRB8rQeqNrhbh7pjbHHFmag +8bPvkmCq/gYGx9MQEKFUFtEGNSBh6m5pXr9hJ9HD2V16q9ERbuBcA6wosz4efQFB +bbage7ZSECCN+xMLirQGRVbTozu2eS8FXedH0X9f0JWLDGWwRg+pAqSOtuFjHhYM +jVpwbH/s71BhH84x5RgWezh2BWLbP3UuY7JtWNAvAaeo53Js2dzzgjDopPis4qZR +rLR9cTGjqa6ZTc/PlLfaCsm6rGBlNx/bFJjz75+yn7vMQa47fOBt4qfriHX7G/Tg +3s8xsQSLEm3IBEYh27hoc9ZD45EXgm9ZiGA21t9v1jA27yTVaUrPbC40iDv/CMcQ +7N2Y1sJRvmrd+2pKxtNNutujjwgBguo5bKK253R5Hy0a+NzK2LSc/GmR8EJJEwW1 +7r6road7Ss6YImCZExeY+CAW0FEzwQpmqfOdlusvIyk4x4r12JH8Q8NWHMzU3Ym/ +yqdopn/SCwCfXJsL4/eHLCaWuyiWjljNa7MwPDITx2ZPRE5QEqCqi4gaDWXyVHt8 +leGE1G3zoXNJogWhDswh105UnlZEEfOvbHbaxgWPjLV/xkuHhVlaqdyXbTExrgK6 +U2wevNS03dBuQ6bjNIbMIt9ulbiBV8MJWR0PZtnNJ958f1QXC4GT+L3FG1g5Jtz+ +rlbu70nh2kSJrg== +=wukb +-----END PGP PUBLIC KEY BLOCK----- diff --git a/nftables.rpmlintrc b/nftables.rpmlintrc new file mode 100644 index 0000000..16cd97f --- /dev/null +++ b/nftables.rpmlintrc @@ -0,0 +1,2 @@ +# dlopen of python package not recognized by rpm requirements generator +addFilter("explicit-lib-dependency libnftables1") diff --git a/nftables.spec b/nftables.spec new file mode 100644 index 0000000..f53abe5 --- /dev/null +++ b/nftables.spec @@ -0,0 +1,152 @@ +# +# spec file for package nftables +# +# Copyright (c) 2024 SUSE LLC +# +# All modifications and additions to the file contributed by third parties +# remain the property of their copyright owners, unless otherwise agreed +# upon. The license for this file, and modifications and additions to the +# file, is the same license as for the pristine package itself (unless the +# license for the pristine package is not an Open Source License, in which +# case the license is the MIT License). An "Open Source License" is a +# license that conforms to the Open Source Definition (Version 1.9) +# published by the Open Source Initiative. + +# Please submit bugfixes or comments via https://bugs.opensuse.org/ +# + + +# configure subpackage rewriter for the python3XX-nftables bindings +%define python_subpackage_only 1 +# check py/src/nftable.py:NFTABLES_VERSION +%define pyversion 0.1 + +Name: nftables +Version: 1.0.9 +Release: 0 +Summary: Userspace utility to access the nf_tables packet filter +License: GPL-2.0-only +Group: Productivity/Networking/Security +URL: https://netfilter.org/projects/nftables/ + +#Git-Clone: git://git.netfilter.org/nftables +Source: http://ftp.netfilter.org/pub/%name/%name-%version.tar.xz +Source2: http://ftp.netfilter.org/pub/%name/%name-%version.tar.xz.sig +Source3: %name.keyring +Source4: nftables.rpmlintrc +BuildRequires: %{python_module pip} +BuildRequires: %{python_module setuptools} +BuildRequires: %{python_module wheel} +BuildRequires: asciidoc +BuildRequires: bison +BuildRequires: fdupes +BuildRequires: flex +BuildRequires: gmp-devel +BuildRequires: libtool +BuildRequires: pkg-config >= 0.21 +BuildRequires: python-rpm-macros +BuildRequires: pkgconfig(jansson) +BuildRequires: pkgconfig(libedit) +BuildRequires: pkgconfig(libmnl) >= 1.0.4 +BuildRequires: pkgconfig(libnftnl) >= 1.2.6 +BuildRequires: pkgconfig(xtables) >= 1.6.1 +%python_subpackages + +%description +nf_tables is a firewalling mechanism in the Linux kernel, running +independently of and parallel to ip_tables, ip6_tables, +arp_tables and ebtables. nftables is the corresponsing userspace +frontend. + +The nftables frontend features support for sets and dictionaries of arbitrary +types, meta data types, atomic incremental and full ruleset updates, and, +similar to iptables, support for different protocols, access to connection +tracking and NAT and logging. + +%package -n libnftables1 +Summary: nftables firewalling command interface +Group: System/Libraries + +%description -n libnftables1 +libnftables is the nftables command line interface placed into a +library. + +%package devel +Summary: Development files for the nftables command line interface +Group: Development/Libraries/C and C++ +Requires: libnftables1 = %version + +%description devel +libnftables is the nftables command line interface placed into a +library. + +This package contains the header files for the library. + +%package -n python-nftables +Summary: Python bindings for nftables +Group: Development/Languages/Python +# uses dlopen +Requires: libnftables1 +BuildArch: noarch + +%description -n python-nftables +Python bindings for nftables + +%prep +%autosetup -p1 +# remove unused shebang +sed -i '1{/bin/d}' py/src/nftables.py + +%build +autoreconf -fi +mkdir bin +ln -s "%_bindir/docbook-to-man" bin/docbook2x-man +export PATH="$PATH:$PWD/bin" +mkdir obj +pushd obj/ +%define _configure ../configure +%configure --disable-silent-rules --disable-static --docdir="%_docdir/%name" \ + --includedir="%_includedir/%name" --with-json \ + --enable-python --with-python-bin="$(which python3)" +%make_build +popd +pushd py +%pyproject_wheel +popd + +%install +b="%buildroot" +%make_install -C obj +pushd py +%pyproject_install +%python_expand %fdupes %buildroot/%{$python_sitelib} +popd +rm -f "%buildroot/%_libdir"/*.la +mkdir -p "$b/%_docdir/%name/examples" +mv -v "$b/%_datadir/nftables"/*.nft "$b/%_docdir/%name/examples/" + +%post -n libnftables1 -p /sbin/ldconfig +%postun -n libnftables1 -p /sbin/ldconfig + +%files +%license COPYING +%_sysconfdir/nftables/ +%_sbindir/nft +%_mandir/man5/*.5* +%_mandir/man8/nft* +%_docdir/%name/ + +%files -n libnftables1 +%_libdir/libnftables.so.1* + +%files devel +%_includedir/%name/ +%_libdir/libnftables.so +%_libdir/pkgconfig/*.pc +%_mandir/man3/*.3* + +%files %{python_files nftables} +%{python_sitelib}/nftables +%{python_sitelib}/nftables-%{pyversion}.dist-info + +%changelog From 61cb9417dd5768759d3c68b4e0382045c4172cd33fa08bbbb3c95b6d7111add7 Mon Sep 17 00:00:00 2001 From: OBS User unknown Date: Wed, 17 Jul 2024 02:35:15 +0000 Subject: [PATCH 2/3] [info=7a847e7093671661c1b2627f032fd45335faa27107f0a1d97bbbfb2ed0363783] OBS-URL: https://build.opensuse.org/package/show/security:netfilter/nftables?expand=0&rev=90 --- _scmsync.obsinfo | 4 ++-- build.specials.obscpio | 2 +- nftables-1.0.9.tar.xz | 3 --- nftables-1.0.9.tar.xz.sig | Bin 566 -> 0 bytes nftables-1.1.0.tar.xz | 3 +++ nftables-1.1.0.tar.xz.sig | Bin 0 -> 566 bytes nftables.changes | 13 +++++++++++++ nftables.spec | 4 ++-- 8 files changed, 21 insertions(+), 8 deletions(-) delete mode 100644 nftables-1.0.9.tar.xz delete mode 100644 nftables-1.0.9.tar.xz.sig create mode 100644 nftables-1.1.0.tar.xz create mode 100644 nftables-1.1.0.tar.xz.sig diff --git a/_scmsync.obsinfo b/_scmsync.obsinfo index e32e291..850060e 100644 --- a/_scmsync.obsinfo +++ b/_scmsync.obsinfo @@ -1,4 +1,4 @@ -mtime: 1704659945 -commit: dc64a191ac8ef9ca443387d869911c40b640257d79d458d7ad98062db45720e4 +mtime: 1721183904 +commit: 7a847e7093671661c1b2627f032fd45335faa27107f0a1d97bbbfb2ed0363783 url: https://src.opensuse.org/jengelh/nftables revision: master diff --git a/build.specials.obscpio b/build.specials.obscpio index f147c2c..adfd336 100644 --- a/build.specials.obscpio +++ b/build.specials.obscpio @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:50744d9dcc5d7fd71a1228b852a67e94105c94cb7ffb8ec4169c97caa5f1cfdb +oid sha256:4644b6c540c9a2dec8bb6d0e5d7450385f8b48ea58d92c1684b2c5650264aa99 size 256 diff --git a/nftables-1.0.9.tar.xz b/nftables-1.0.9.tar.xz deleted file mode 100644 index e33cbe0..0000000 --- a/nftables-1.0.9.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:a3c304cd9ba061239ee0474f9afb938a9bb99d89b960246f66f0c3a0a85e14cd -size 971968 diff --git a/nftables-1.0.9.tar.xz.sig b/nftables-1.0.9.tar.xz.sig deleted file mode 100644 index 4c19dc4ed4946aac17302b61cf18f1a4d71e63c4a4c70529199da69803f71f9e..0000000000000000000000000000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 566 zcmV-60?GY}0y6{v0SW*e79j*T*<`H1NrA^z0Q;NOU6+cA6d>dU0%b7+LI4U05Y=6m zii#8<A1o2FJZ?jYb)Y?d9x!v($?6*IU*hQJL}*?8M%!w+5}H4chT7tlDZDJj z0a+cLp?tf{hDK(NF}{?gmsAlD3Y1d-SmBGjA`r!ZkX$`twamIvSr~7vhw%E zz=-GkL>f_kcTj5yEZcEshBoK$yRUu6glNXL^y$(=ndq72$z?Hp!NNHDT1}}d5=RYR zC>T&)&~pLj1*h(*;hO`dKX8n>eC-L_Z}(dnu5GuX|FmeHsg$NW}3E|sC0 zhn6x|w6uUgM970pIycv-`eqp8mpgcF5%+vaIHz~#2`w*diugiI9Z@k?wNIe<$rEQn zQE;49LVi??){Cd!J4r_7o5HuLBt1G0qv(E$Ya<;@Gn4-(h7)MwWm0?nD`5^`DbwCg zbEY{}(pT3Rh2aTzTMyk%p8s!3vOVK^8s@Wyji3QU>^}ROfi_d;)p(31K*^nH%22Gp E*wnNSNdN!< diff --git a/nftables-1.1.0.tar.xz b/nftables-1.1.0.tar.xz new file mode 100644 index 0000000..0f17029 --- /dev/null +++ b/nftables-1.1.0.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:ef3373294886c5b607ee7be82c56a25bc04e75f802f8e8adcd55aac91eb0aa24 +size 1057672 diff --git a/nftables-1.1.0.tar.xz.sig b/nftables-1.1.0.tar.xz.sig new file mode 100644 index 0000000000000000000000000000000000000000000000000000000000000000..68603026eea8777cb0c899d2517f259ea8a6fc1fdc877c2fea3c3318b74bda54 GIT binary patch literal 566 zcmV-60?GY}0y6{v0SW*e79j*T*<`H1NrA^z0Q;NOU6+cA6d>dU0%n%kfB*^!5Y=6m zii#8<(E6I*89n2 zA%Bzi*As8}new}&CmOj7FPSR9$CkOXcd;`X{!pQmJ?rx;wRel|%-Kz%WLk$QTPzM^ zRzaQYAs0sO5i7pWV6cU7#P2>CGIA1lr)Og>Q3E1tHL3GoM(+lXz#~=!769hFZ*mtS ze8NcG8#rPLW(RQ5W%$JG{)hA9UedWFjF zFU(f7!3Dfs9eUC-k>t^ksxWy29#KvAdofbKG7npkk?($0;sCG41#^-!8&|p^(b-zJ z=}TVEC+EH#H(6zckY`K5)TmFZ^aShOX>Fz3>NQFCw@;}^@F&lG;<+snP%AaXTryi; zuzuj$Jt!F7#S%Yx=!$Ti(1s|HwtFDWc#UYBrLm4zk3!QemhDHnH-W>Lby>|sml_{+nLz5~p|g&)Pta~U EUilmm(*OVf literal 0 HcmV?d00001 diff --git a/nftables.changes b/nftables.changes index e529a84..e0a9130 100644 --- a/nftables.changes +++ b/nftables.changes @@ -1,3 +1,16 @@ +------------------------------------------------------------------- +Wed Jul 17 02:13:42 UTC 2024 - Jan Engelhardt + +- Update to release 1.1.0 + * Restore compatibility set element dump with <= 0.9.8 + * Disallow empty interface names + * Restore rule replace command + * Search for group, rt_mark, rt_realms at + /etc/iproute2, /usr/share/iproute2 + * Resolve some timezone issues + * Support for variables in map expressions + * VLAN support + ------------------------------------------------------------------- Thu Jan 4 08:04:39 UTC 2024 - Dirk Müller diff --git a/nftables.spec b/nftables.spec index f53abe5..7c61eab 100644 --- a/nftables.spec +++ b/nftables.spec @@ -22,7 +22,7 @@ %define pyversion 0.1 Name: nftables -Version: 1.0.9 +Version: 1.1.0 Release: 0 Summary: Userspace utility to access the nf_tables packet filter License: GPL-2.0-only @@ -48,7 +48,7 @@ BuildRequires: python-rpm-macros BuildRequires: pkgconfig(jansson) BuildRequires: pkgconfig(libedit) BuildRequires: pkgconfig(libmnl) >= 1.0.4 -BuildRequires: pkgconfig(libnftnl) >= 1.2.6 +BuildRequires: pkgconfig(libnftnl) >= 1.2.7 BuildRequires: pkgconfig(xtables) >= 1.6.1 %python_subpackages From 2e31b71a3f7a2da2274f9046f96aa153cde8a82b5a968e4d8a123301035b4485 Mon Sep 17 00:00:00 2001 From: OBS User unknown Date: Thu, 3 Oct 2024 07:03:50 +0000 Subject: [PATCH 3/3] [info=554c6b6a3ce96010af8c533855d96945c8fd8d9fff4d3cbf12956b82a08de423] OBS-URL: https://build.opensuse.org/package/show/security:netfilter/nftables?expand=0&rev=91 --- _scmsync.obsinfo | 4 ++-- build.specials.obscpio | 2 +- nftables-1.1.0.tar.xz | 3 --- nftables-1.1.0.tar.xz.sig | Bin 566 -> 0 bytes nftables-1.1.1.tar.xz | 3 +++ nftables-1.1.1.tar.xz.sig | Bin 0 -> 566 bytes nftables.changes | 14 ++++++++++++++ nftables.spec | 12 +++++------- 8 files changed, 25 insertions(+), 13 deletions(-) delete mode 100644 nftables-1.1.0.tar.xz delete mode 100644 nftables-1.1.0.tar.xz.sig create mode 100644 nftables-1.1.1.tar.xz create mode 100644 nftables-1.1.1.tar.xz.sig diff --git a/_scmsync.obsinfo b/_scmsync.obsinfo index 850060e..e50cd1e 100644 --- a/_scmsync.obsinfo +++ b/_scmsync.obsinfo @@ -1,4 +1,4 @@ -mtime: 1721183904 -commit: 7a847e7093671661c1b2627f032fd45335faa27107f0a1d97bbbfb2ed0363783 +mtime: 1727939012 +commit: 554c6b6a3ce96010af8c533855d96945c8fd8d9fff4d3cbf12956b82a08de423 url: https://src.opensuse.org/jengelh/nftables revision: master diff --git a/build.specials.obscpio b/build.specials.obscpio index adfd336..faa6042 100644 --- a/build.specials.obscpio +++ b/build.specials.obscpio @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:4644b6c540c9a2dec8bb6d0e5d7450385f8b48ea58d92c1684b2c5650264aa99 +oid sha256:82162ff6918de35ae9f3d1e379d1a2af83a90b85c80e8d38a1b411f2f8de0c5c size 256 diff --git a/nftables-1.1.0.tar.xz b/nftables-1.1.0.tar.xz deleted file mode 100644 index 0f17029..0000000 --- a/nftables-1.1.0.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:ef3373294886c5b607ee7be82c56a25bc04e75f802f8e8adcd55aac91eb0aa24 -size 1057672 diff --git a/nftables-1.1.0.tar.xz.sig b/nftables-1.1.0.tar.xz.sig deleted file mode 100644 index 68603026eea8777cb0c899d2517f259ea8a6fc1fdc877c2fea3c3318b74bda54..0000000000000000000000000000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 566 zcmV-60?GY}0y6{v0SW*e79j*T*<`H1NrA^z0Q;NOU6+cA6d>dU0%n%kfB*^!5Y=6m zii#8<(E6I*89n2 zA%Bzi*As8}new}&CmOj7FPSR9$CkOXcd;`X{!pQmJ?rx;wRel|%-Kz%WLk$QTPzM^ zRzaQYAs0sO5i7pWV6cU7#P2>CGIA1lr)Og>Q3E1tHL3GoM(+lXz#~=!769hFZ*mtS ze8NcG8#rPLW(RQ5W%$JG{)hA9UedWFjF zFU(f7!3Dfs9eUC-k>t^ksxWy29#KvAdofbKG7npkk?($0;sCG41#^-!8&|p^(b-zJ z=}TVEC+EH#H(6zckY`K5)TmFZ^aShOX>Fz3>NQFCw@;}^@F&lG;<+snP%AaXTryi; zuzuj$Jt!F7#S%Yx=!$Ti(1s|HwtFDWc#UYBrLm4zk3!QemhDHnH-W>Lby>|sml_{+nLz5~p|g&)Pta~U EUilmm(*OVf diff --git a/nftables-1.1.1.tar.xz b/nftables-1.1.1.tar.xz new file mode 100644 index 0000000..bc93b62 --- /dev/null +++ b/nftables-1.1.1.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:6358830f3a64f31e39b0ad421d7dadcd240b72343ded48d8ef13b8faf204865a +size 989700 diff --git a/nftables-1.1.1.tar.xz.sig b/nftables-1.1.1.tar.xz.sig new file mode 100644 index 0000000000000000000000000000000000000000000000000000000000000000..2b402b9632694801d29e8a9c298f7ab89159cadd9d2657971830bdcb28e80f11 GIT binary patch literal 566 zcmV-60?GY}0y6{v0SW*e79j*T*<`H1NrA^z0Q;NOU6+cA6d>dU0%rZn0RRdK5Y=6m zii#8<t&nPs=k z^*+iQZdlh&qTuzXI3VuVD5`UBU13ZGZL%8V3qQ;la}7?9_*`77*yg78v*Tc5Yp|j| z0baL3{+8Jv^X=6$L=_8!$&x|F2;l-hnG|i(Kv=n5;&E6~N9S!s(z&4*7kaJ=$?B1p z6;Wsfk8Zeio;o(2u7A|Ai{l~k7X1e__7o?y+E0RcT5zq=AP`Gq{L0%zE7OCTdch3D zKQ#L~7V&=bpNxFSUV`2{nb>M%LzxICNbT?ak*rGDL5BmwZe%1w!Dk-+FOzT!8u^E+ z0rt`9CE{%_lP!>r8LwQUsZo`*x7mO}nn!*#_bzGF3BDChoZKN&-J@IvFHL#>F06b; z49fLiqQrg#k@|nY2(=KktmzbLs~v66_Yr5p(@|NrGPSyEbQ&8-_s_Fq{U+GyRtm_A z1Yk)gZWbS7GCQB|Qy@A0083zD;ZJuwXDZ1-}vyZU4p&vED&D zs26ix+hA*m@|mHgTtt{&@`^~lYVj9e2mM%Wg(3S2G`)`v En6pC&;Q#;t literal 0 HcmV?d00001 diff --git a/nftables.changes b/nftables.changes index e0a9130..2794039 100644 --- a/nftables.changes +++ b/nftables.changes @@ -1,3 +1,17 @@ +------------------------------------------------------------------- +Thu Oct 3 07:00:54 UTC 2024 - Jan Engelhardt + +- Update to release 1.1.1 + * Reduce netlink cache dependencies to speed up incremental + updates. + * Allow zero burst in byte ratelimiter expression. + * Fix double-free when users call nft_ctx_clear_vars() followed + by nft_ctx_free(). + * Document that the tproxy statement is non-terminal (unlike in + iptables). This allows for tproxy+log and tproxy+mark combos, + see man nft(8) for details. + * Add egress support for the `list hooks` subcommand. + ------------------------------------------------------------------- Wed Jul 17 02:13:42 UTC 2024 - Jan Engelhardt diff --git a/nftables.spec b/nftables.spec index 7c61eab..4dce635 100644 --- a/nftables.spec +++ b/nftables.spec @@ -22,13 +22,12 @@ %define pyversion 0.1 Name: nftables -Version: 1.1.0 +Version: 1.1.1 Release: 0 Summary: Userspace utility to access the nf_tables packet filter License: GPL-2.0-only Group: Productivity/Networking/Security URL: https://netfilter.org/projects/nftables/ - #Git-Clone: git://git.netfilter.org/nftables Source: http://ftp.netfilter.org/pub/%name/%name-%version.tar.xz Source2: http://ftp.netfilter.org/pub/%name/%name-%version.tar.xz.sig @@ -48,7 +47,7 @@ BuildRequires: python-rpm-macros BuildRequires: pkgconfig(jansson) BuildRequires: pkgconfig(libedit) BuildRequires: pkgconfig(libmnl) >= 1.0.4 -BuildRequires: pkgconfig(libnftnl) >= 1.2.7 +BuildRequires: pkgconfig(libnftnl) >= 1.2.8 BuildRequires: pkgconfig(xtables) >= 1.6.1 %python_subpackages @@ -125,8 +124,7 @@ rm -f "%buildroot/%_libdir"/*.la mkdir -p "$b/%_docdir/%name/examples" mv -v "$b/%_datadir/nftables"/*.nft "$b/%_docdir/%name/examples/" -%post -n libnftables1 -p /sbin/ldconfig -%postun -n libnftables1 -p /sbin/ldconfig +%ldconfig_scriptlets -n libnftables1 %files %license COPYING @@ -146,7 +144,7 @@ mv -v "$b/%_datadir/nftables"/*.nft "$b/%_docdir/%name/examples/" %_mandir/man3/*.3* %files %{python_files nftables} -%{python_sitelib}/nftables -%{python_sitelib}/nftables-%{pyversion}.dist-info +%python_sitelib/nftables +%python_sitelib/nftables-%pyversion.dist-info %changelog